NuitDuHack2013 Crackme 100 (Huge.js)
- Firefox Browser
Opening the file in Notepad++, we can see that it contains a function called "x" and a very long bunch of hexadecimal characters
Something like this
Wait a minute, this looks exactly like the encoded code at the beginning of the puzzle.
Copy the hexadecimal characters from the browser output and paste it back into the "abc" variable in the html file.
Reload the html file in the browser to run the decoding a second time.
The actual code consists of multiple functions that perform hashing on the password.
There is also a function "unlock" which basically checks for a certain password hash.
Analyzing this function, we know that the password is 5 characters long and it can only contains a certain list of valid characters
With that, we can write a brute force function to brute force the password out
Run the brute force script in a browser and after awhile, it will give you the flag
(Do note that the brute force will take awhile, the browser may prompt you that the script is unresponsive. If it does, do not stop the script, ignore the warning or wait for the script to complete)
(For this, I recommend Firefox, as Firefox has the option of "Don't ask me again" which will save you a lot of waiting and clicking frustration)